Debians sikkerhedsbulletin

DSA-291-1 ircii -- bufferoverløb

Rapporteret den:
22. apr 2003
Berørte pakker:
ircii
Sårbar:
Ja
Referencer i sikkerhedsdatabaser:
I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 7098, BugTraq-id 7095, BugTraq-id 7094, BugTraq-id 7093.
I Mitres CVE-ordbog: CVE-2003-0323.
Yderligere oplysninger:

Timo Sirainen har opdaget flere problemer i ircII, en populær klient til Internet Relay Chat (IRC). På en ondsindet server kunne der laves særlige svarstrenge, der kunne få klienten til at skrive ud over buffergrænser. Dette kunne føre til et lammelsesangreb, hvis klienten kun gik ned, men kunne også føre til udførelse af vilkårlig kode under den chattende brugers brugerid.

I den stabile distribution (woody) er disse problemer rettet i version 20020322-1.1.

I den gamle stabile distribution (potato) er disse problemer rettet i version 4.4M-1.1.

I den ustabile distribution (sid) er disse problemer rettet i version 20030315-1.

Vi anbefaler at du opgraderer din ircII-pakke.

Rettet i:

Debian GNU/Linux 2.2 (potato)

Kildekode:
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1.dsc
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1.diff.gz
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_i386.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_m68k.deb
PowerPC:
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_powerpc.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_sparc.deb

Debian GNU/Linux 3.0 (woody)

Kildekode:
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1.dsc
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1.diff.gz
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.